• Reference >
• Atlas mongocli Commands >
• Atlas dbuser Commands >
• mongocli atlas dbuser certs create

mongocli atlas dbuser certs create

The dbuser certs create command creates an Atlas-managed X.509 certificate for the specified MongoDB database user who authenticates using X.509 certificates. You can also create an Atlas-managed X.509 certificate for a MongoDB database user through the Atlas UI or API.

Important

You cannot use the dbuser certs create command to list certificates for MongoDB database users if

• You are managing your own Certificate Authority (CA) in Self-Managed X.509 mode. You must generate certificates for database users using your own CA.
• The user you specify does not authenticate using X.509 certificates.

Syntax

copy

mongocli atlas dbuser certs create
     [ --monthsUntilExpiration <number of months until certificate expires> ]
     [ --output|-o <output-format> ]
     [ --profile|-P <profile-name> ]
     [ --projectId <project-ID> ]
     --username <name-of-user>

Note

Use -h or --help to view the command-line help for this command.

Options

Option	Type	Description	Required?
--monthsUntilExpiration	integer	Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3.	no
--output, -o	string	Command output format. Valid values are: json for output in JSON format go-template for custom output using the Go template go-template-file for custom output specified using Go template file If omitted, the command returns output in the default format.	no
--profile, -P	string	Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI.	no
--projectId	string	Unique identifier of the project that contains the MongoDB database user. If omitted, uses the project ID in the profile or environment variable.	no
--username	string	Username for whom you want to create a X.509 certificate.	yes

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field	Description
certificate	The PEM-encoded X.509 certificate that Atlas created for the user.
monthsUntilExpiration	Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3.
username	Username for whom Atlas generated the x.509 certificate.

Example

The following example uses the mongocli atlas dbuser certs create command to create an Atlas-managed X.509 certificate for a MongoDB database user dbuser. It uses the default profile to access Atlas and generate the X.509 certificate.

mongocli atlas dbuser certs create --username dbuser --output json
--monthsUntilExpiration 3 --projectId 5e2211c17a3e5a48f5497de3

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "username": "dbuser",
  "monthsUntilExpiration": 3,
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}

←   mongocli atlas dbuser certs list Atlas datalake Commands  →

© MongoDB, Inc 2008-present. MongoDB, Mongo, and the leaf logo are registered trademarks of MongoDB, Inc.